
Salesloft Reveals Drift Security Breach Started with Undetected GitHub Access

Hackers accessed Salesloft's GitHub, leading to a supply-chain attack on hundreds of firms. Security transparency and Drift's reputation are questioned.
Content Team

Salesloft disclosed that hackers gained access to its GitHub account as early as March, leading to a massive supply-chain attack that compromised hundreds of organizations in August. The threat group, tracked as UNC6395 by Google, spent months lurking in Salesloft's systems before accessing Drift's AWS environment and stealing OAuth tokens to infiltrate customer data.

The company took Drift offline Friday and rotated security credentials, but many questions remain unanswered. Salesloft hasn't explained how attackers initially accessed GitHub or obtained the OAuth tokens. Security analysts criticize the company's lack of transparency, with some suggesting Drift's reputation may be permanently damaged by the breach.

Source: CyberScoop
